64977 matches found
EUVD-2026-37950
Relyra SAML SignatureValue not cryptographically verified - authentication bypass...
CVE-2026-50137
Budibase prior to 3.39.0 allows an anonymous attacker to call POST /api/attachments/:datasourceId/url with a known workspace id (app_…) and S3 datasource id (ds_…) and receive a 15‑minute pre‑signed PUT URL minted on the victim’s IAM credentials. The endpoint returns both the signed URL and the p...
CVE-2026-42390
An invalid zone might pass ZONEMD validation while it should not. This is only relevant if ZoneToCache is configured with ZONEMD validation...
EUVD-2026-39859
In the Linux kernel, the following vulnerability has been resolved: net: mana: Use pciname for debugfs directory naming Use pcinamepdev for the per-device debugfs directory instead of hardcoded "0" for PFs and pcislotnamepdev-slot for VFs. The previous approach had two issues: 1. pcislotname...
CVE-2026-53283
CVE-2026-53283 covers a bounds-check failure in the Linux kernel AMD IOMMU path. The issue arises in __rlookup_amd_iommu(): rlookup_table[devid] is indexed without an internal bounds check, and iommu_device_register() iterates all PCI devices, calling amd_iommu_probe_device() for each. If a devic...
CVE-2026-44732
OpenProject vulnerability CVE-2026-44732 affects the web-based project management tool prior to versions 17.3.2 and 17.4.0. The flaw occurs in the /api/v3/documents/{id} PATCH endpoint, where attacker-controlled attributes are applied to the persisted record before authorization checks, allowing ...
JS Help Desk <= 2.8.1 - SQL Injection
The JS Help Desk – Best Help Desk & Support Plugin plugin for WordPress is vulnerable to SQL Injection via the ‘email' and 'trackingid' parameters in all versions up to 2.8.2 exclusive due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing S...
CVE-2026-57315
creationtimestamp| type| source ---|---|--- 2026-06-26 18:05:22+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mp7jtsha6v2j...
EUVD-2026-39651
Peplink InControl 2 through 2.14.2 before 2026-06-03 allows use of a semicolon to bypass access-control rules for certain /rest/o/orgId endpoints...
MINI-RR5F-2PH5-83M4
Bulletin has no description...
MINI-Q37F-6QP2-3M46
Bulletin has no description...
MINI-H7F7-XVWH-W2G2
Bulletin has no description...
MINI-HX2W-FVQF-W2HR
Bulletin has no description...
MINI-JMC8-Q8X7-4P82
Bulletin has no description...
MINI-XHHJ-V3CF-32H6
Bulletin has no description...
MINI-93RM-9GJX-V7QM
Bulletin has no description...
MINI-C8C3-MMXG-78H7
Bulletin has no description...
CVE-2026-46331
creationtimestamp| type| source ---|---|--- 2026-06-26 13:26:58+00:00| seen| https://bsky.app/profile/infosecbriefly.bsky.social/post/3mp72c3a6uv2w 2026-06-26 13:35:18+00:00| seen| https://bsky.app/profile/cybernewsroom.bsky.social/post/3mp72qywylh2d 2026-06-26 13:38:12+00:00| seen|...
ECHO-E71E-279B-37A1
Bulletin has no description...
CVE-2026-57920
Peplink InControl 2 through 2.14.2 before 2026-06-03 allows use of a semicolon to bypass access-control rules for certain /rest/o/orgId endpoints...